Japan Airlines (JAL) has faced flight disruption after its system was targeted by a cyberattack on Thursday morning local time, delaying 24 domestic flights for more than 30 minutes.

According to JAL, the cyber breach, suspected to be a distributed denial-of-service (DDoS) attack, reportedly began at around 7:24 a.m. local time, causing a notable network malfunction that affected both national and international flights.

The DDoS attack overwhelmed the airline's internal and external network systems with enormous data traffic for hours, disrupting network-reliant services at Japanese airports.

After conducting preliminary investigations, JAL identified one of its routers as the source of the widespread network disruption and shut it down at around 8:56 a.m. to prevent further attacks. The company also initiated system recovery to restore normal operations.

JAL also suspended the sale of same-day flight tickets on Thursday for both domestic and international travel to monitor its systems recovery as it worked to restore its flight operations.

“We identified and addressed the cause of the issue. We are checking the system recovery status. Sales for both domestic and international flights departing today have been suspended,” the company said in a post on X.

“We apologize for any inconvenience caused,” it added, assuring passengers of a return to normalcy after system recovery.

Flight Safety Not Affected

A local media outlet, Japan Times, reported that JAL was already experiencing malfunctions in its system that was dedicated to handling passengers’ baggage before the company noticed that its system had been attacked. However, the airliner said the attack did not cause flight safety issues, and no customer data was lost during the event.

At Haneda Airport, many passengers faced delays of up to 50 minutes as a dozen departing flights remained grounded. But no flight was canceled despite the delay.

Being the second largest airliner, after Japan’s All Nippon Airways (ANA), JAL’s flight disruption sent shockwaves across the country’s air travel industry as many passengers remained stranded at the airports due to the unprecedented delay, which threatened to ruin their year-end holiday travel itinerary.

The incident also caught the government's attention, with Chief Cabinet Secretary Yoshimasa Hayashi commenting on it during a regular news conference.

Other Airliners Not Affected

Flights scheduled for other Japanese airlines, including Skymark and Starflyer, were unaffected. JAL’s flight disruption is the latest in the recent chain of travel disruptions during this busy holiday season as many travelers head to their holiday destinations across the globe.

Last weekend, over 100 flights operating London’s Heathrow route were canceled due to strong winds, which the UK’s Met Office warned could endanger lives. American Airlines also grounded their flights on Christmas Eve due to unspecified technical glitches.

Japan Airline’s cyberattack comes at a very busy time of year when many people travel back home to spend the end-of-year with their loved ones while others head on holiday vacations. However, such attacks aren’t new to major Japanese companies and institutions.

Other Recent Cyberattacks

In 2022, a Toyota supplier faced a major cyberattack that halted the automaker’s operations at domestic factories for a day. In 2023, Japan’s space agency, JAXA, reported a cyber breach on its system but confirmed no sensitive data on safelights and rockets were accessed during the event.

The same year, operations at Japan’s Nagoya Port were crippled by a ransomware attack linked to a Russia-based hacker group, Lockbit.

Surprisingly, even Japan’s cybersecurity agency, the National Center of Incident Readiness and Strategy for Cybersecurity (NISC), was not spared in the spate of 2023 cyberattacks. The hackers breached the institution’s systems and reportedly gained access for months before the attack was noticed.

JAL’s cyberattack highlights major cybersecurity challenges Japan grapples with in this digital age in which most systems are interconnected. As such, an attack on one end can cause massive service disruptions across multiple systems.

With many institutions currently depending on online interconnected network systems to store and access sensitive data for efficient operations, hackers view them as prime targets for data theft, which could potentially earn them a huge ransom.

Meanwhile, JAL continues to monitor its system for any possible attacks on all its operations.